Description
Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.
Published: 2026-06-22
Score: 9.2 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Vulnerability stemming from inadequate protection of user information in the Assassin game API and local database, allowing unauthenticated remote attackers to retrieve email and phone number fields and expose sensitive data regarding minors and municipal users. The weakness represents an unauthorized disclosure of private data, aligning with CWE-200.

Affected Systems

Gaudire’s Assassin game is the affected product. No specific version numbers are supplied, but the vulnerability exists in both the application’s API layer and its underlying local database.

Risk and Exploitability

The CVSS score of 9.2 signals a high severity of confidentiality compromise, while EPSS data is unavailable and the vulnerability is not present in CISA’s KEV catalog. Because the API is reachable over the network and no authentication is required, an attacker can simply issue HTTP requests to the exposed endpoints to harvest personal data. The combination of wide access scope, simplicity of exploitation, and lack of an immediate patch elevates the risk for organizations using this product.

Generated by OpenCVE AI on June 22, 2026 at 14:38 UTC.

Remediation

Vendor Solution

There is no reported solution at this time.


OpenCVE Recommended Actions

  • Disable or secure the API endpoints that expose the ‘email’ and ‘telefon’ fields by implementing mandatory authentication and role‑based access control.
  • Redact or encrypt sensitive columns in the local database and ensure that only authorized components can query them.
  • Conduct an immediate privacy audit to identify any other exposed data and enforce data minimization policies.
  • Monitor network traffic and application logs for anomalous data extraction attempts, and keep abreast of vendor advisories in case a patch becomes available.

Generated by OpenCVE AI on June 22, 2026 at 14:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Gaudire
Gaudire assassin Game
Vendors & Products Gaudire
Gaudire assassin Game

Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 22 Jun 2026 13:45:00 +0000

Type Values Removed Values Added
Description Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on minors and municipal users. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to gain access to sensitive information and data.
Title Multiple vulnerabilities in the Assassin game by Gaudire
Weaknesses CWE-200
References
Metrics cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N'}


Subscriptions

Gaudire Assassin Game
cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2026-06-22T15:46:08.469Z

Reserved: 2026-04-27T07:25:28.931Z

Link: CVE-2026-7166

cve-icon Vulnrichment

Updated: 2026-06-22T15:46:03.705Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:03:31Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor